An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps

Mobile messaging apps are a fundamental communication infrastructure, used by billions of people every day to share information, including sensitive data. Security and Privacy are thus critical concerns for such applications. Although the cryptographic protocols prevalent in messaging apps are...

CVE-2021-0923

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITYRECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no...

UBUNTU-CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

EUVD-2021-25992

Malware in sbrugna...

EUVD-2017-4353

Malware in sbrugna...

EUVD-2021-3542

Malicious code in bioql PyPI...

EUVD-2022-25525

Malicious code in bioql PyPI...

EUVD-2022-25739

Malicious code in bioql PyPI...

CVE-2022-20271

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

CVE-2020-0133

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2020-0116

In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-0239

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file eg. a photo containing location metadata with no additional execution privileges needed. User...

Malware Families Discovery Via Open-Set Recognition on Android Manifest Permissions

Malware are malicious programs that are grouped into families based on their penetration technique, source code, and other characteristics. Classifying malware programs into their respective families is essential for building effective defenses against cyber threats. Machine learning models have ...

CVE-2024-10576

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th...

CVE-2024-10576 Unauthorized factory reset of Infinix devices

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th...

CVE-2024-10576

CVE-2024-10576 affects Infinix/Mobile devices due to a pre-loaded com.transsion. agingfunction app exposing an unsecured broadcast receiver. An attacker can trigger a device factory reset locally without Android permissions. Connected sources confirm the vulnerable component and impact; no explic...

CVE-2023-0133

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. Chromium security severity: Medium...

Google Android 权限许可和访问控制问题漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has a security vulnerability that could be exploited by attackers to delete Fdn contacts...

Google Android 权限许可和访问控制问题漏洞

Google Android is a Linux-based open-source operating system from the U.S. company Google Android has an elevation of privilege vulnerability that stems from a window flag error when processing user input, which could lead to an eavesdropping attack that could be exploited by an attacker to cause...